OAuth 2.0 Verify Endpoint

An App can use this OAuth 2.0 endpoint to verify that an access token is a valid token for that App.

Verifying an access token

GET /{tenant}/oauth2/v1/verify/

The request

Request parameters

Name         | Values                       | Description                 | Required
-------------|------------------------------|-----------------------------|---------
access_token | The access token as a string | The access token to verify. | Yes

Example request

GET /{tenant}/oauth2/v1/verify/?access_token=5686IDG8S78GS6R5

The response

If the access token is valid, the response is a JSON result containing the following information about the access token:

Response parameters

Name       | Values                          | Description
-----------|---------------------------------|------------
audience   | The client ID                   | The audience must match your App's Client ID.
expires_in | A number                        | The number of seconds the access token is valid from the time this response is received.
scope      | A space delimited set of scopes | The list of scopes that are returned. It can be different from the list of scopes your App asked for in the initial request. This can be the result of a user not granting the App access to certain scopes, or of the rights of the user preventing the user from having the scopes.

Example response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
    "audience":"79237937",
    "scope":"profile.read",
    "expires_in": 567
}

If the access token is invalid, the response is the following result:

Example response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
    "error":"invalid_token"
}
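
The checks an App should make on a verify response, as an added example that is not part of the original documentation or the provider's own code: the error member is tested first because an invalid token also arrives with HTTP 200, then the audience, expiry and granted scopes. The names check_verify_response and TokenRejected, and the third sample body, are assumptions made for illustration.

```python
import json

class TokenRejected(Exception):
    """The verify response does not authorize this app to use the token."""

def check_verify_response(body, client_id, required_scopes=()):
    """Return the granted scopes, or raise TokenRejected."""
    try:
        data = json.loads(body)
    except ValueError as exc:
        raise TokenRejected("response is not JSON") from exc
    if not isinstance(data, dict):
        raise TokenRejected("unexpected response shape")
    # An invalid token is reported with HTTP 200, so the status code alone
    # proves nothing: look for the error member first.
    if "error" in data:
        raise TokenRejected(str(data["error"]))
    # A token whose audience is another client ID was issued to a different
    # app and must not be accepted here.
    if data.get("audience") != client_id:
        raise TokenRejected("audience mismatch")
    expires_in = data.get("expires_in")
    if isinstance(expires_in, bool) or not isinstance(expires_in, int) or expires_in <= 0:
        raise TokenRejected("token expired or expires_in missing")
    # Granted scopes can be narrower than requested; check before relying on them.
    scope = data.get("scope")
    granted = set(scope.split()) if isinstance(scope, str) else set()
    missing = set(required_scopes) - granted
    if missing:
        raise TokenRejected("missing scope: " + " ".join(sorted(missing)))
    return granted

# Bodies taken from the two example responses on this page.
VALID_BODY = '{"audience":"79237937","scope":"profile.read","expires_in": 567}'
INVALID_BODY = '{"error":"invalid_token"}'
# Constructed sample: a valid token issued to a different (made-up) client ID.
OTHER_APP_BODY = '{"audience":"11111111","scope":"profile.read","expires_in": 567}'

if __name__ == "__main__":
    print(check_verify_response(VALID_BODY, "79237937", ["profile.read"]))
    for body in (INVALID_BODY, OTHER_APP_BODY):
        try:
            check_verify_response(body, "79237937")
        except TokenRejected as exc:
            print("rejected:", exc)
```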
